3 Answers
3

For the 2010-3749 issue, presuming you're looking at this exploit it doesn't really look like a canned exploit, more like an explanation of the issue. It would require for the application in question to make use of the vulnerable function for it to be exploitable.

Indeed, having a quick look through some of the issues that you've linked they look to be PHP language level issues. With this kind of problem, unless the codebase on the target system makes use of the vulnerable functionality, it may well not be exploitable. It could well be that Nessus is reporting vulnerability based on a received HTTP header which indicates an old version of PHP in use.

This doesn't necessarily mean that that the system in question is actually vulnerable

In addition to the sites you've mentioned I tend to look at cvedetails.com for any metasploit modules which may target the affected issue.

you could also try secunia.com and search for issues based on the product, as opposed to looking at language level issues.

Nessus and any other vulnerability scanners have some false positives when they detect "vulnerability". I saw cases in which the system was running the latest updates, and a vulnerability scanner will report that it has a "critical" vulnerability. Unless you are sure that the target system is vulnerable (you have access to the system and know what's running there), it is quite possible that what you are seeing is a just false positive.